Pub. 3 2024 Issue 3

2024’S TOP CYBERSECURITY THREATS

As the process of protecting systems, networks and endpoints from attack, cybersecurity is critical to any organization. Since banks must protect customer data, keeping up with evolving cyber threats and concerns is vital. In its annual “Banking Priorities” survey, CSI asked bankers across the country about their views on top cybersecurity challenges. This article explores how bankers view the changing cybersecurity landscape.

EXPLORING BANKERS’ TOP CYBERSECURITY CONCERNS

As part of our country’s critical infrastructure, financial institutions are prime targets of cyberattacks and must navigate an evolving threat landscape. Let’s examine the breakdown of bankers’ top cybersecurity concerns in this year’s survey:

• Adapting to Changes in the Cyber Insurance Market: The results reveal that 19% of bankers view this as their top concern, which is unsurprising as cyber incidents continue to rise. In addition to cybersecurity monitoring solutions and increased personnel training, cyber liability insurance provides another layer of protection for institutions in the event of an attack. This result highlights a potential uncertainty about upcoming developments in the cyber insurance market, whether regarding price increases or coverage exceptions. Institutions should carefully review their coverage, and some are seeking assistance from IT governance services to evaluate their needs.

• Being Unprepared to Respond to a Cyberattack: 18% of bankers expressed concern with their preparedness for cyberattack responses. As incidents evolve, institutions must ensure they plan accordingly, including developing and testing robust incident response plans (IRPs) that detail the steps to take in the event of a cybersecurity incident. Having an established IRP makes it easier for institutions to act decisively and minimize negative consequences if faced with a cyberattack.

• Lack of Compliance with Cybersecurity Frameworks: 17% of bankers selected lack of compliance with cybersecurity frameworks as a top concern. Implementing robust cybersecurity frameworks, such as the National Institute of Standards and Technology’s Cybersecurity Framework (NIST CSF), helps institutions identify and apply solid controls in high-risk areas. Proven frameworks also enable banks to maximize compliance initiatives and cybersecurity spending.

• Cyber Risks Not Being a Priority for Executive Leadership: This year, 17% of respondents indicated concern that cyber risks are not a priority for their institution’s executive leadership. Institutional leadership should recognize cybersecurity as a business issue, and a chief information security officer (CISO) plays an important role in guiding cybersecurity spending.

ARE BANKERS READY TO RESPOND TO CYBERSECURITY THREATS?

Preparing for the inevitable cyberattack is a never-ending responsibility. Let’s gain insight into banking executives’ perspectives on their own cybersecurity readiness:

• Improving Cybersecurity Education: 92% of respondents agree — with 50% strongly agreeing — that their bank could improve cybersecurity education. If your employees receive a suspicious email, do they know the proper steps to report it? Educating employees on evolving threats and the latest social engineering schemes is one of the most effective ways to mitigate cyber risk.

• Understanding Cyber Risk: Most respondents (89%) agree they understand their institution’s cyber risk. But as risk continues to evolve, are banks keeping up with the latest threats? Understanding recent cyber incidents provides key insight into how bad actors execute attacks and helps institutions stay one step ahead. As discussed previously, consider implementing a cybersecurity framework to guide risk mitigation if you haven’t already.

• Producing a Business Case for Cyber Spending: An overwhelming majority (92%) of respondents feel their CISO can produce a strategic business case for cyber spending. Since cybersecurity affects the entire organization, it should be viewed as a business issue. IT governance helps your institution ensure your technology investments support your unique goals while mitigating IT- and cybersecurity-related risk. IT governance experts can also supplement your CISO’s efforts in making a business case for cyber spending.

By Steve Sanders, Chief Risk Officer and Chief Information Security Officer, CSI, ICBC Associate Member

12 | INDEPENDENT REPORT
